Farbar log


  • This topic is locked
14 replies to this topic

#1 Viveca

Posted 12 April 2018 - 04:59 AM

Hi,

I suspect someone has installed a Trojan on my computer. Could you please check my Farbar log?

Kind regards,

Viveca


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Kattis (administrator) on DESKTOP-RD003HP (12-04-2018 07:28:04)
Running from D:\
Loaded Profiles: Kattis (Available Profiles: Kattis)
Platform: Windows 10 Home Version 1709 16299.251 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fsorsp64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(SDL) C:\Program Files (x86)\SDL\SDL Trados Studio\Studio3\ProductTelemetricsService\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fshoster64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-997193239-2899253090-1109805270-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{632584ac-cda9-476a-95e0-5a322e3d28c0}: [DhcpNameServer] 10.66.80.1
Tcpip\..\Interfaces\{aa3cd9c7-ec94-47d8-8f5a-cbc60955c13f}: [DhcpNameServer] 82.209.169.71 82.209.169.72

Internet Explorer:
==================
HKU\S-1-5-21-997193239-2899253090-1109805270-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https64.dll [2018-03-12] (F-Secure Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\browser\install\fs_ie_https\fs_ie_https.dll [2018-03-12] (F-Secure Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll => No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF DefaultProfile: 59f1pyqa.default
FF ProfilePath: C:\Users\sanne\AppData\Roaming\Mozilla\Firefox\Profiles\59f1pyqa.default [2018-04-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [139864 2017-03-23] (Conexant Systems, Inc.)
R2 fshoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [177120 2017-11-28] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [177120 2017-11-28] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fshoster64.exe [569312 2018-03-12] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fsorsp64.exe [78304 2018-03-12] (F-Secure Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [147056 2014-11-07] (Nalpeiron Ltd.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-11] (Realtek Semiconductor Corp.)
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-10-27] (Conexant Systems, Inc.)
R2 Sdl.Studio.ProductTelemetrics.v1; C:\Program Files (x86)\SDL\SDL Trados Studio\Studio3\ProductTelemetricsService\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12800 2014-10-31] (SDL) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-14] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [106416 2017-10-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91672 2016-08-13] (Advanced Micro Devices, Inc)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-05-24] (ASUS Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [74240 2017-09-29] (ASIX Electronics Corp.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fsulgk.sys [230248 2018-03-12] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\fshs.sys [93032 2018-03-12] (F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [73928 2018-03-12] ()
R3 fsni; C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\nif\1520854327\fsni64.sys [117576 2018-03-12] (F-Secure Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUS)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-24] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-18] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 09:00 - 2018-04-12 07:28 - 000000000 ____D C:\FRST
2018-03-24 17:54 - 2018-03-24 17:54 - 000012331 _____ C:\Users\sanne\Desktop\hijackthis_med backupfiler
2018-03-24 17:45 - 2018-04-12 07:19 - 000000000 ____D C:\Users\sanne\Desktop\Back up ASUS 2018-01-06
2018-03-24 17:03 - 2018-03-24 17:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-997193239-2899253090-1109805270-1001
2018-03-21 18:08 - 2018-03-21 18:08 - 000012291 _____ C:\Users\sanne\Desktop\hijackthis_3.txt
2018-03-21 18:06 - 2018-03-21 15:48 - 000000215 _____ C:\Users\sanne\Desktop\Malawarebytes.txt
2018-03-21 18:05 - 2018-03-21 12:39 - 000388608 _____ (Trend Micro Inc.) C:\Users\sanne\Desktop\HijackThis.exe
2018-03-21 18:04 - 2018-03-23 21:59 - 000012092 _____ C:\Users\sanne\Desktop\hijackthis_run as admin.txt
2018-03-21 15:39 - 2018-03-24 17:19 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-21 15:39 - 2018-03-21 15:39 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-21 15:39 - 2018-03-21 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-21 15:38 - 2018-03-21 15:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-21 15:38 - 2018-03-21 15:38 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-21 15:38 - 2018-01-18 10:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-14 13:42 - 2018-03-21 16:34 - 000000000 ____D C:\Users\sanne\Desktop\24.se
2018-03-14 13:39 - 2018-04-03 10:00 - 000000000 ____D C:\Users\sanne\Desktop\Deklaration för 2017

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 07:20 - 2018-02-26 14:24 - 000000182 _____ C:\Users\sanne\AppData\Roaming\sp_data.sys
2018-04-11 13:46 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-11 13:38 - 2018-03-05 15:29 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-11 13:38 - 2018-03-05 15:29 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-08 09:02 - 2018-03-05 15:23 - 000000000 ____D C:\Users\sanne\AppData\Local\Packages
2018-04-08 09:01 - 2018-03-12 13:15 - 000000000 ____D C:\Users\sanne\Desktop\Admin
2018-04-08 08:58 - 2018-03-05 15:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-03 17:26 - 2018-02-26 14:27 - 000000000 ____D C:\Users\sanne\AppData\LocalLow\Mozilla
2018-03-29 19:00 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-24 17:23 - 2018-03-05 15:31 - 001893396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-24 17:23 - 2017-09-30 16:10 - 000811192 _____ C:\WINDOWS\system32\perfh01D.dat
2018-03-24 17:23 - 2017-09-30 16:10 - 000169694 _____ C:\WINDOWS\system32\perfc01D.dat
2018-03-24 17:19 - 2018-03-05 15:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-24 17:18 - 2018-02-26 14:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-24 17:18 - 2018-02-26 14:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-24 17:18 - 2017-11-29 22:55 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2018-03-24 17:18 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-21 13:06 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-21 12:59 - 2018-02-26 14:21 - 000000000 ____D C:\Users\sanne\AppData\Local\VirtualStore
2018-03-21 12:58 - 2018-03-05 15:15 - 000000000 ____D C:\Windows.old
2018-03-21 10:48 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 16:47 - 2018-02-26 14:23 - 000000000 ___RD C:\Users\sanne\OneDrive
2018-03-15 09:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-14 18:11 - 2018-02-26 14:26 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-14 16:25 - 2018-03-07 16:59 - 000000000 ____D C:\Users\sanne\Desktop\2018-03-08
2018-03-14 11:02 - 2018-02-27 12:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 11:02 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 11:01 - 2018-02-27 12:04 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 11:00 - 2018-02-27 12:04 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 13:09 - 2018-03-12 14:56 - 000000000 ____D C:\Users\sanne\Desktop\More than Words

==================== Files in the root of some directories =======

2018-02-26 14:24 - 2018-04-12 07:20 - 000000182 _____ () C:\Users\sanne\AppData\Roaming\sp_data.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-02 20:32

==================== End of FRST.txt ============================


And the Addition file:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Kattis (12-04-2018 07:28:59)
Running from D:\
Windows 10 Home Version 1709 16299.251 (X64) (2018-03-05 13:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-997193239-2899253090-1109805270-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-997193239-2899253090-1109805270-503 - Limited - Disabled)
Gäst (S-1-5-21-997193239-2899253090-1109805270-501 - Limited - Disabled)
Kattis (S-1-5-21-997193239-2899253090-1109805270-1001 - Administrator - Enabled) => C:\Users\sanne
WDAGUtilityAccount (S-1-5-21-997193239-2899253090-1109805270-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: F-Secure (Enabled - Out of date) {35BE5FA4-2DEA-00F8-DC55-FD8AF743F44F}
AS: F-Secure (Enabled - Out of date) {8EDFBE40-0BD0-0F76-E6E5-C6F88CC4BEF2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.20.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.3 - ICEpower a/s)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Computer Security 17.204.106.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.204.106.0 - F-Secure Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.64.53 - Conexant)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.7 - ASUSTek COMPUTER INC.)
F-Secure (HKLM-x32\...\{5B2DB883-3BBC-4BC7-8CB4-93DA19DE75B2}) (Version: 3.04.148.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 3.04.148.0 - F-Secure Corporation)
F-Secure Ultralight 1.1.14.0 (release) (HKLM-x32\...\{55079DAB-EB0E-4946-8AC2-64CD27AA3146}) (Version: 1.1.14.0 - F-Secure Corporation) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - sv-se (HKLM\...\HomeStudentRetail - sv-se) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-997193239-2899253090-1109805270-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 59.0 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0 (x64 en-US)) (Version: 59.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041D-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Online Safety 2.204.7118.12 (HKLM-x32\...\{86CBD388-8B4D-4275-9872-60F6BF7211FA}) (Version: 2.204.7118.12 - F-Secure Corporation) Hidden
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.1000.170710 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0017 - REALTEK Semiconductor Corp.)
SDL Trados 2014 SP2 - Remove suite of products (HKLM-x32\...\TranslationStudio2014) (Version: 3.2.4322 - SDL)
SDL Trados Legacy Compatibility Module for Studio 2014 (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2014 SP2 (HKLM-x32\...\{47EA73FD-3EA0-48FC-B5CE-662FFC6E91D7}) (Version: 3.2.4322 - SDL)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
Windows Driver Package - ASUS (AsusTP) Mouse  (04/10/2017 1.0.0.296) (HKLM\...\CE3B2AC6A7CFF15EC85D2C007B1B4143383541C1) (Version: 04/10/2017 1.0.0.296 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}) (Version: 22.0.12670 - Corel Corporation)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-997193239-2899253090-1109805270-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ContextMenuHandlers1-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio3\TranslationStudioExt.dll [2014-11-11] (TODO: <Company name>)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-03] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-03] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-03] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D0A433A-CD3E-42FB-9FA4-D31A3BFC843F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2017-05-24] (ASUS)
Task: {112737E6-A2DC-4B36-AD28-B0043B283F0D} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {1229BEC1-7A67-4EBA-A630-97F798522721} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {20745C92-43C5-497F-B7E8-3DFB1A8B4D67} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {26637BA7-435D-4EAD-A7FD-807D71369169} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {2DC194BA-CADD-41EB-A3C4-235F9044DA60} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-11-09] (ASUSTek COMPUTER INC.)
Task: {37E9B3B4-7532-4EB2-8475-1310B6DF7026} - System32\Tasks\S-1-5-21-997193239-2899253090-1109805270-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {6CB0E9B1-ADE3-4F56-8B8E-78C48AF907A1} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {7A06B7CD-51F6-408B-A2AF-5D6419726084} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [2016-08-29] (Conexant Systems, Inc.)
Task: {A5EDCE25-DCBD-476A-B7D7-12E48BE0D2CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-05-24] (AsusTek)
Task: {A6DEA21D-9ED7-45F3-A8B0-F475AC6D394E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {AD4ED1BE-EE90-4733-961F-2DDA2C4D21AC} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {B8DC580D-FCE9-43BA-AD57-CE4AC3C0AACB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {B9EA03C5-24BC-4634-86D1-82343F3F87BD} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [2016-07-05] (Conexant Systems, Inc.)
Task: {CAE80831-EC5E-46E0-A5EF-B6069B53E971} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {CD13BCB8-E93D-464F-921B-D62FBE20848E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {FC55EE6F-86A4-4DBE-AF24-EEFA7461AFA9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\sanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7634a48803fa655b\ASUS GIFTBOX.lnk -> C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc) -> --user-data-dir="C:\Users\sanne\AppData\Local\ASUS GIFTBOX\User Data" --profile-directory=Default --app-id=gicdkbgeaegfghgkdgaejkfeppmlobel

==================== Loaded Modules (Whitelisted) ==============

2018-03-12 11:05 - 2018-03-12 11:05 - 000331744 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\daas2_x64.dll
2017-09-01 13:15 - 2017-09-01 13:15 - 000495872 _____ () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2018-03-12 11:05 - 2018-03-12 11:05 - 000319968 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\Ultralight\ulcore\1519387538\senddump_fshoster_plugin64.dll
2018-03-21 15:38 - 2018-02-05 16:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-06 18:23 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-06 18:22 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-27 13:14 - 2018-02-27 13:14 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-27 13:14 - 2018-02-27 13:14 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-27 13:14 - 2018-02-27 13:14 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-27 13:14 - 2018-02-27 13:14 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-27 13:14 - 2018-02-27 13:14 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-11-28 12:22 - 2017-11-28 12:22 - 000210912 _____ () C:\Program Files (x86)\F-Secure\Internet Security\zlib_32.dll
2017-11-28 12:22 - 2017-11-28 12:22 - 000254944 _____ () C:\Program Files (x86)\F-Secure\Internet Security\daas2.dll
2017-05-24 14:40 - 2017-05-24 14:40 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2017-04-14 17:45 - 2017-04-14 17:45 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-04-14 17:45 - 2017-04-14 17:45 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-997193239-2899253090-1109805270-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sanne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\sany0076.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9420E2A5-F769-4248-B7D0-62CCCC753884}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{1B26B4E5-69A1-4FC9-904C-44DE4ECFA5B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{94BD1277-CCAC-4969-9A5B-3F6EEF696023}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7C7F0AC1-C4CC-45FD-975D-683D9AED0CFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{52D25B8D-F9C8-4ABC-9E71-A8B34CF45AED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FF01467C-D9FE-4C24-9B29-0F1975E33D12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F47CE653-E476-40BD-86A6-C76DB12C175C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{66F522CE-9003-45EF-947F-3F162ACBD206}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4A708077-68BE-4668-AF5A-F1D2098B85F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{16F88C76-C718-45A6-B433-4E3C7E418288}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [UDP Query User{F7B60D80-A278-4355-A331-132379847562}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0B05B8AD-C331-49BD-B56C-CEA6C5276280}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D0E97851-07E0-4B61-91C7-10809B44A5D3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{7D0E5796-F531-40A2-B0F2-BA70369593FE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{6E7A05EB-9781-4359-B7F8-2129E41B070F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7C8E022C-3A6F-453E-BD45-2576FEBCF605}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2018 11:03:24 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (03/05/2018 03:28:36 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Det gick inte att hämta status för klusternoden: .Returnerad felkod: 0x8007085A

Error: (03/05/2018 03:27:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (6696,R,0) TILEREPOSITORYS-1-0-0: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (03/05/2018 03:27:31 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Det gick inte att hämta status för klusternoden: .Returnerad felkod: 0x8007085A

Error: (03/05/2018 03:27:31 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Det gick inte att hämta status för klusternoden: .Returnerad felkod: 0x8007085A

Error: (03/05/2018 03:27:31 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Det gick inte att hämta status för klusternoden: .Returnerad felkod: 0x8007085A


System errors:
=============
Error: (04/12/2018 07:20:47 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/12/2018 07:17:48 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 och APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/12/2018 07:17:48 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 och APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/12/2018 07:17:48 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 och APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/12/2018 07:17:48 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 och APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/11/2018 01:38:14 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.

Error: (04/11/2018 01:36:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten ClickToRunSvc.

Error: (04/11/2018 01:35:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten ClickToRunSvc.


==================== Memory info ===========================

Processor: AMD A10-9620P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 32%
Total physical RAM: 7120.46 MB
Available physical RAM: 4787.45 MB
Total Virtual: 8272.46 MB
Available Virtual: 5528.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:66.75 GB) NTFS
Drive d: (KINGSTON) (Removable) (Total:14.4 GB) (Free:14.4 GB) FAT32

\\?\Volume{33c400c8-d33b-4072-96c2-22a7c7c2aada}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
\\?\Volume{3a3e8770-b52d-44be-98ca-c836baf4209e}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7658A881)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 2FF51065)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)

==================== End of Addition.txt ============================




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 14 April 2018 - 07:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{aa3cd9c7-ec94-47d8-8f5a-cbc60955c13f}: [DhcpNameServer] 82.209.169.71 82.209.169.72
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe" [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Please post the log and let me know what problem persists with this computer.

#3 Viveca

Viveca
  • Topic Starter


Posted 16 April 2018 - 06:47 AM

Hi,

 

Thanks for your reply.

 

Should I save the code you sent me in a Notepad file and then run it in the Farbar software?

 

Have my browsers been compromised - how do you know?

 

Kind regards,

 

Viveca



#4 nasdaq

nasdaq


Posted 16 April 2018 - 07:16 AM



Hi,

Should I save the code you sent me in a Notepad file and then run it in the Farbar software?


Yes, follow my instructions. Notepad will open; copy the fix in the quote box and save the file as Fixlist.txt.
Place the file in the same folder as the Farbar program, run it and click the Fix button.
---

Work with your browsers; if you get any redirects and/or issues, reset them.

#5 Viveca

Viveca
  • Topic Starter


Posted 20 April 2018 - 07:24 AM

Thanks,

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Kattis (18-04-2018 17:11:19) Run:1
Running from D:\
Loaded Profiles: Kattis (Available Profiles: Kattis)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{aa3cd9c7-ec94-47d8-8f5a-cbc60955c13f}: [DhcpNameServer] 82.209.169.71 82.209.169.72
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe" [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End


*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aa3cd9c7-ec94-47d8-8f5a-cbc60955c13f}\\DhcpNameServer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
"HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\sacore" => removed successfully
"HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"HKLM\System\CurrentControlSet\Services\mccspsvc" => removed successfully
mccspsvc => service removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Anslutning till lokalt nätverk* 1 while it has its media disconnected.

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Anslutning till lokalt nätverk* 1 while it has its media disconnected.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10589371 B
Java, Flash, Steam htmlcache => 735 B
Windows/system/drivers => 2040120 B
Edge => 1631098 B
Chrome => 0 B
Firefox => 11451176 B

 

 

When I scan with Malwarebytes I found a PUP.OPTIONAL.TROVI file located in Explorer, should I fix the Explorer browser too?

 

Can you see in the log files if the firewall is working properly?

 

In my Onedrive - Properties - Security I find the username wscsvc, what is that?

 

Kind regards,

 

Viveca



#6 nasdaq

nasdaq


Posted 20 April 2018 - 08:04 AM



Hi,

When I scan with Malwarebytes I found a PUP.OPTIONAL.TROVI file located in Explorer, should I fix the Explorer browser too?

Remove the item(s) found by MBAM.

If you have issues with Internet Explorer, reset it.
Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.
===


Can you see in the log files if the firewall is working properly?

This is reported in your Addition.txt log.
Windows Firewall is enabled.
===

In my Onedrive - Properties - Security I find the username wscsvc, what is that?

If you do not have any issues it should be ok.
Check it out.
http://www.systemlookup.com/O23/5529-svchost_exe_wscsvc_dll.html

===

Any remaining issues with this computer?

#7 Viveca

Viveca
  • Topic Starter


Posted 21 April 2018 - 05:24 AM

No remaining issues.

 

Many thanks for helping me out! :thumbup2:

 

Viveca



#8 nasdaq

nasdaq


Posted 21 April 2018 - 06:58 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 Viveca

Viveca
  • Topic Starter


Posted 23 April 2018 - 05:55 AM

Thanks,

 

I have one more question. :-)

 

What do you think caused the changes that had been made in Firefox?

 

Was it the Trovi file in Explorer, or something else?

 

Kind regards,

 

Viveca



#10 nasdaq

nasdaq


Posted 23 April 2018 - 08:32 AM

Hi,

I do not know what Malwarebytes found about Trovi but it's malware and you did well in removing it.

---

Something changed your name server and was the cause of the internet not working correctly.
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
It was removed.

---

Keep safe!
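
The name-server lines discussed in the post above can be pulled out of an FRST log and compared with the resolvers a machine is expected to use; the following is an added example, not part of the original thread and not FRST's own code. The function names, the expected-resolver list and the 192.0.2.x line are constructed assumptions; the two 82.209.169.x lines are copied from the fixlist earlier in this topic, and a finding only means the address differs from the expected list.

```python
import ipaddress
import re

# FRST prints one line per Tcpip registry value that holds DNS resolvers:
#   Tcpip\Parameters: [DhcpNameServer] <addr> <addr>
#   Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] <addr> <addr>
TCPIP_LINE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]{36})\}):"
    r"\s*\[(?P<value>DhcpNameServer|NameServer)\]\s*(?P<addrs>.*)$"
)

# DhcpNameServer is filled in from the DHCP lease (router or network side);
# NameServer is a value configured statically on the host itself.
SOURCE = {"DhcpNameServer": "dhcp lease", "NameServer": "static setting"}

# Lines 2-3 are from this topic's fixlist; line 4 is constructed for the example.
SAMPLE_LOG = r"""DNS Servers: Media is not connected to internet.
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{aa3cd9c7-ec94-47d8-8f5a-cbc60955c13f}: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [NameServer] 192.0.2.53,192.0.2.999
Windows Firewall is enabled."""

# Assumption: the resolver this machine is supposed to use (documentation range).
EXPECTED_RESOLVERS = ["192.0.2.53"]


def parse_dns_entries(log_text):
    """Return one dict per Tcpip name-server line found in an FRST log."""
    entries = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        match = TCPIP_LINE.match(raw.strip())
        if not match:
            continue
        # Registry values may separate addresses with spaces or commas.
        tokens = [t for t in re.split(r"[,\s]+", match.group("addrs")) if t]
        entries.append({
            "line": lineno,
            "scope": match.group("guid") or "global",
            "value": match.group("value"),
            "resolvers": tokens,
        })
    return entries


def review_dns_entries(entries, expected_resolvers):
    """Flag resolvers that are malformed or missing from the expected list."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for entry in entries:
        for token in entry["resolvers"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                reason = "not an IP address"
            else:
                if addr in expected:
                    continue
                reason = "not in expected list"
            findings.append({
                "line": entry["line"],
                "scope": entry["scope"],
                "source": SOURCE[entry["value"]],
                "resolver": token,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in review_dns_entries(parse_dns_entries(SAMPLE_LOG), EXPECTED_RESOLVERS):
        print("line {line}: {resolver} ({source}, scope {scope}): {reason}".format(**f))
```

A value reported under "dhcp lease" was handed out by the DHCP server, so the router's DNS settings are the place to compare it against, not only the PC.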

#11 Viveca

Viveca
  • Topic Starter


Posted 29 August 2018 - 07:40 AM

Hi,

 

I get the impression I have been hacked again? Please see my FRST log files below.

Kind regards,

 

Viveca

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Svennis (administrator) on DESKTOP-3UK6CC4 (19-08-2018 13:47:29)
Running from C:\Users\Svennis\Desktop
Loaded Profiles: defaultuser0 & Svennis (Available Profiles: defaultuser0 & Svennis)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_18_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
Failed to access process -> RadeonSettings.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
Failed to access process -> RadeonSettings.exe
Failed to access process -> RadeonSettings.exe
Failed to access process -> RadeonSettings.exe
Failed to access process -> HxOutlook.exe
Failed to access process -> RadeonSettings.exe
Failed to access process -> RadeonSettings.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [146800 2018-05-18] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4305776 2018-05-30] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-3877911158-143358730-3224076167-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{632584ac-cda9-476a-95e0-5a322e3d28c0}: [DhcpNameServer] 82.209.169.71 82.209.169.72
Tcpip\..\Interfaces\{d17cc5c2-d07b-4094-9fd1-98a4c1b73cdb}: [DhcpNameServer] 192.168.168.126
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3877911158-143358730-3224076167-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877911158-143358730-3224076167-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877911158-143358730-3224076167-1001 -> {3B1654AE-DCE4-4A2A-9B54-53BD09030C4C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-08-15] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-15] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-08-15] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-08-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-15] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default [2018-08-18]
CHR Extension: (Presentationer) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-15]
CHR Extension: (Dokument) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-15]
CHR Extension: (Google Drive) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-15]
CHR Extension: (YouTube) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-15]
CHR Extension: (Kalkylark) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-08-15]
CHR Extension: (Google Dokument Offline) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-15]
CHR Extension: (Gmail) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\Svennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_5\McApExe.exe [728808 2018-06-12] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-04-24] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [519120 2018-04-24] (McAfee, LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [473552 2018-04-24] (McAfee, LLC)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1689952 2018-06-05] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-30] (McAfee, Inc.)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp.)
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-10-27] (Conexant Systems, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51216 2016-08-23] (Advanced Micro Devices, Inc.)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4292984 2018-05-18] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-14] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-14] (Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [45936 2018-05-30] ()
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-05-15] (Check Point Software Technologies, Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-13] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [100752 2016-08-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [96544 2016-08-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [254864 2016-08-23] (Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91672 2016-08-12] (Advanced Micro Devices, Inc)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-05-16] (McAfee, LLC)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [61592 2018-04-11] (Check Point Software Technologies Ltd.)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [68280 2018-04-09] (Check Point Software Technologies Ltd.)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [117400 2017-12-10] (Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [101552 2017-10-23] (Check Point Software Technologies)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31144 2017-11-23] (ASUS)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-05-16] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [361888 2018-05-16] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-05-16] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [533408 2018-05-16] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [954784 2018-05-16] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [550288 2018-05-03] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108944 2018-05-03] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-05-16] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-05-16] (McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2018-08-13] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corporation )
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2018-05-15] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-14] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-19 13:47 - 2018-08-19 13:48 - 000021050 _____ C:\Users\Svennis\Desktop\FRST.txt
2018-08-19 13:46 - 2018-08-19 13:47 - 000000000 ____D C:\Users\Svennis\Desktop\FRST AUG 2018
2018-08-19 13:02 - 2018-08-19 13:36 - 001388432 _____ C:\Users\Public\VOIP.dat
2018-08-19 12:37 - 2018-08-19 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-08-18 16:57 - 2018-08-19 06:39 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-08-17 13:05 - 2018-08-18 05:26 - 000000000 ____D C:\WINDOWS\Minidump
2018-08-16 10:00 - 2018-08-16 10:00 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-08-16 10:00 - 2018-08-16 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 – verktyg
2018-08-15 17:35 - 2018-08-15 17:35 - 000475539 _____ C:\Users\Svennis\Desktop\Port 53.pdf
2018-08-15 16:57 - 2018-08-15 16:57 - 000149742 _____ C:\Users\Svennis\Desktop\Valvet.pdf
2018-08-15 16:56 - 2018-08-15 16:56 - 000137033 _____ C:\Users\Svennis\Desktop\Svensk fastighetsförmedling.pdf
2018-08-15 16:55 - 2018-08-15 16:55 - 000488189 _____ C:\Users\Svennis\Desktop\Lenovo.pdf
2018-08-15 16:54 - 2018-08-15 16:54 - 000138467 _____ C:\Users\Svennis\Desktop\Vellinge plåt.pdf
2018-08-15 16:53 - 2018-08-15 16:53 - 000141388 _____ C:\Users\Svennis\Desktop\Jönssons plåtslageri.pdf
2018-08-15 16:52 - 2018-08-15 16:52 - 000173207 _____ C:\Users\Svennis\Desktop\Milesson glasmästeri.pdf
2018-08-15 16:52 - 2018-08-15 16:52 - 000132744 _____ C:\Users\Svennis\Desktop\Malmö galsmästeri.pdf
2018-08-15 16:44 - 2018-08-15 16:44 - 000025019 _____ C:\Users\Svennis\Desktop\SSS31826601.zip
2018-08-15 16:43 - 2018-08-15 16:43 - 000174615 _____ C:\Users\Svennis\Desktop\ASUS_Support_Aktuell.pdf
2018-08-15 16:35 - 2018-08-15 16:35 - 000276090 _____ C:\Users\Svennis\Desktop\ASUS_Support.pdf
2018-08-15 11:40 - 2018-08-19 12:37 - 000000000 ____D C:\Users\Svennis\AppData\Local\CrashDumps
2018-08-15 09:06 - 2018-08-15 09:06 - 000000000 ____D C:\Users\Svennis\AppData\Roaming\AVAST Software
2018-08-15 09:06 - 2018-08-15 09:06 - 000000000 ____D C:\Users\Svennis\AppData\Local\AVAST Software
2018-08-15 09:02 - 2018-08-15 11:48 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4d62b207d1c3a96e.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2f87d850f0bbc6d1.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe543195e8ca68bca.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw57190bf38eb3132d.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd3143aa6dcfe0b95.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbe610e69e04d2549.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd70ee201b4ec81f2.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswddf9d633399cc6c0.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4979ad04d35fa891.tmp
2018-08-15 09:02 - 2018-08-15 09:02 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-15 09:02 - 2018-08-15 09:01 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw285d6bc27683ca9d.tmp
2018-08-15 09:02 - 2018-08-15 09:01 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswdfcc829b3e5c752d.tmp
2018-08-15 09:02 - 2018-08-15 09:01 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 6cff1dbf060e613.tmp
2018-08-15 09:02 - 2018-08-15 09:01 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw97922f9097fc5b62.tmp
2018-08-15 09:02 - 2018-08-15 09:01 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbe244d164e98a0c0.tmp
2018-08-15 09:02 - 2018-08-15 09:01 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1530a60a99d5b405.tmp
2018-08-15 09:01 - 2018-08-15 11:49 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-15 09:01 - 2018-08-15 09:01 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-15 08:49 - 2018-08-17 14:24 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-15 08:49 - 2018-08-15 08:49 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-15 08:49 - 2018-08-15 08:49 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-15 08:49 - 2018-08-15 08:49 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-15 08:49 - 2018-08-15 08:49 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-15 08:49 - 2018-08-15 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-15 08:49 - 2018-08-15 08:49 - 000000000 ____D C:\Program Files\CCleaner
2018-08-15 08:48 - 2018-08-15 08:53 - 000003514 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-15 08:48 - 2018-08-15 08:53 - 000003390 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-15 08:48 - 2018-08-15 08:49 - 000000000 ____D C:\Users\Svennis\AppData\Local\Google
2018-08-15 08:48 - 2018-08-15 08:49 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-15 08:40 - 2018-08-15 08:40 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-08-15 08:34 - 2018-08-17 12:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-15 08:34 - 2018-08-17 12:18 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-15 08:32 - 2018-08-16 03:13 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-08-15 08:32 - 2018-08-15 08:32 - 000001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2018-08-15 08:32 - 2018-08-15 08:32 - 000001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2018-08-15 08:32 - 2018-08-15 08:32 - 000001206 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2018-08-15 08:32 - 2018-08-15 08:32 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2018-08-15 08:27 - 2018-08-03 10:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-15 08:27 - 2018-08-03 05:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-15 08:27 - 2018-08-03 05:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-15 08:27 - 2018-08-03 05:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-15 08:27 - 2018-08-03 05:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-15 08:27 - 2018-08-03 05:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-15 08:27 - 2018-08-03 05:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-15 08:27 - 2018-08-03 05:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-15 08:27 - 2018-08-03 05:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-15 08:27 - 2018-08-03 05:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-15 08:27 - 2018-08-03 05:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-15 08:27 - 2018-08-03 05:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-15 08:27 - 2018-07-14 08:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-08-15 08:27 - 2018-07-14 08:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-08-15 08:26 - 2018-08-03 10:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-15 08:26 - 2018-08-03 10:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-15 08:26 - 2018-08-03 10:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-15 08:26 - 2018-08-03 10:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-15 08:26 - 2018-08-03 10:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-15 08:26 - 2018-08-03 10:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-15 08:26 - 2018-08-03 10:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-15 08:26 - 2018-08-03 10:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-15 08:26 - 2018-08-03 10:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-15 08:26 - 2018-08-03 10:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-15 08:26 - 2018-08-03 10:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-15 08:26 - 2018-08-03 10:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-15 08:26 - 2018-08-03 10:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-15 08:26 - 2018-08-03 10:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-15 08:26 - 2018-08-03 10:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-15 08:26 - 2018-08-03 09:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-15 08:26 - 2018-08-03 09:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-15 08:26 - 2018-08-03 09:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-15 08:26 - 2018-08-03 09:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-15 08:26 - 2018-08-03 09:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-15 08:26 - 2018-08-03 09:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-15 08:26 - 2018-08-03 09:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-15 08:26 - 2018-08-03 09:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-15 08:26 - 2018-08-03 09:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-15 08:26 - 2018-08-03 09:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-15 08:26 - 2018-08-03 09:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-15 08:26 - 2018-08-03 07:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-15 08:26 - 2018-08-03 06:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-15 08:26 - 2018-08-03 05:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-15 08:26 - 2018-08-03 05:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-15 08:26 - 2018-08-03 05:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-15 08:26 - 2018-08-03 05:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-15 08:26 - 2018-08-03 05:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-15 08:26 - 2018-08-03 05:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-15 08:26 - 2018-08-03 05:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-15 08:26 - 2018-08-03 05:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-15 08:26 - 2018-08-03 05:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-15 08:26 - 2018-08-03 05:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-15 08:26 - 2018-08-03 05:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-15 08:26 - 2018-08-03 05:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-15 08:26 - 2018-08-03 05:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-15 08:26 - 2018-08-03 05:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-15 08:26 - 2018-08-03 05:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-15 08:26 - 2018-08-03 05:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-15 08:26 - 2018-08-03 05:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-15 08:26 - 2018-08-03 05:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-15 08:26 - 2018-08-03 05:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-15 08:26 - 2018-08-03 05:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-15 08:26 - 2018-08-03 05:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-15 08:26 - 2018-08-03 05:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-15 08:26 - 2018-08-03 05:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-15 08:26 - 2018-08-03 05:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-15 08:26 - 2018-08-03 05:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-15 08:26 - 2018-08-03 05:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-15 08:26 - 2018-08-03 05:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-15 08:26 - 2018-08-03 05:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-15 08:26 - 2018-08-03 05:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-15 08:26 - 2018-08-03 05:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-15 08:26 - 2018-08-03 05:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-15 08:26 - 2018-08-03 05:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-15 08:26 - 2018-08-03 05:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-15 08:26 - 2018-08-03 05:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-15 08:26 - 2018-08-03 05:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-15 08:26 - 2018-08-03 05:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-15 08:26 - 2018-08-03 05:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-15 08:26 - 2018-08-03 05:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-15 08:26 - 2018-08-03 05:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-15 08:26 - 2018-08-03 05:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-15 08:26 - 2018-08-03 05:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-15 08:26 - 2018-08-03 05:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-15 08:26 - 2018-08-03 05:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-15 08:26 - 2018-08-03 05:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-15 08:26 - 2018-08-03 05:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-15 08:26 - 2018-08-03 05:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-15 08:26 - 2018-08-03 05:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-15 08:26 - 2018-08-03 05:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-15 08:26 - 2018-08-03 05:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-15 08:26 - 2018-08-03 05:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-15 08:26 - 2018-08-03 05:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-15 08:26 - 2018-08-03 05:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-15 08:26 - 2018-08-03 05:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-15 08:26 - 2018-08-03 05:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-15 08:26 - 2018-08-03 05:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-15 08:26 - 2018-08-03 05:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-15 08:26 - 2018-08-03 05:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-15 08:26 - 2018-08-03 05:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-15 08:26 - 2018-08-03 05:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-15 08:26 - 2018-08-03 05:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-15 08:26 - 2018-08-03 05:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-15 08:26 - 2018-08-03 05:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-15 08:26 - 2018-08-03 05:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-15 08:26 - 2018-08-03 05:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-15 08:26 - 2018-08-03 05:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-15 08:26 - 2018-08-03 05:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-15 08:26 - 2018-08-03 05:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-15 08:26 - 2018-08-03 05:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-15 08:26 - 2018-08-03 03:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-15 08:26 - 2018-07-15 02:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-08-15 08:26 - 2018-07-15 02:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-08-15 08:26 - 2018-07-15 02:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-08-15 08:26 - 2018-07-15 02:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-08-15 08:26 - 2018-07-15 02:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-08-15 08:26 - 2018-07-15 02:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-08-15 08:26 - 2018-07-15 02:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-08-15 08:26 - 2018-07-15 02:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-08-15 08:26 - 2018-07-15 02:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-08-15 08:26 - 2018-07-15 02:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-08-15 08:26 - 2018-07-15 02:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-08-15 08:26 - 2018-07-15 02:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-08-15 08:26 - 2018-07-15 02:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-08-15 08:26 - 2018-07-15 02:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-08-15 08:26 - 2018-07-15 02:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-08-15 08:26 - 2018-07-15 02:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-08-15 08:26 - 2018-07-15 01:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-08-15 08:26 - 2018-07-15 01:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-08-15 08:26 - 2018-07-15 01:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-08-15 08:26 - 2018-07-15 01:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-08-15 08:26 - 2018-07-15 01:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-08-15 08:26 - 2018-07-15 01:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-08-15 08:26 - 2018-07-15 01:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-08-15 08:26 - 2018-07-15 01:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-08-15 08:26 - 2018-07-15 01:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-08-15 08:26 - 2018-07-15 01:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-08-15 08:26 - 2018-07-14 06:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-08-15 08:26 - 2018-07-14 06:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-08-15 08:26 - 2018-07-14 06:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-08-15 08:26 - 2018-07-14 06:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-08-15 08:26 - 2018-07-14 06:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-08-15 08:26 - 2018-07-14 06:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-08-15 08:26 - 2018-07-14 06:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-08-15 08:26 - 2018-07-14 06:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-08-15 08:26 - 2018-07-14 06:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-08-15 08:26 - 2018-07-14 06:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-08-15 08:26 - 2018-07-14 06:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-08-15 08:26 - 2018-07-14 06:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-08-15 08:26 - 2018-07-14 06:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-08-15 08:26 - 2018-07-14 06:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-08-15 08:26 - 2018-07-14 06:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-08-15 08:26 - 2018-07-14 06:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-08-15 08:26 - 2018-07-14 06:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-08-15 08:26 - 2018-07-14 06:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-08-15 08:26 - 2018-07-14 06:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-08-15 08:26 - 2018-07-14 06:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-08-15 08:26 - 2018-07-14 06:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-08-15 08:26 - 2018-07-14 06:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-08-15 08:26 - 2018-07-14 06:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-08-15 08:26 - 2018-07-14 06:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-08-15 08:26 - 2018-07-14 06:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-08-15 08:26 - 2018-07-14 06:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-08-15 08:26 - 2018-07-14 06:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-08-15 08:26 - 2018-07-14 05:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-08-15 08:26 - 2018-07-14 05:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-08-15 08:26 - 2018-07-14 05:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-08-15 08:26 - 2018-07-14 05:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-08-15 08:26 - 2018-07-14 05:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-08-15 08:26 - 2018-07-14 05:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-08-15 08:26 - 2018-07-14 05:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-08-15 08:26 - 2018-07-14 05:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-08-15 08:26 - 2018-07-14 05:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-08-15 08:26 - 2018-07-14 05:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-08-15 08:26 - 2018-07-14 05:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-08-15 08:26 - 2018-07-14 05:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-08-15 08:26 - 2018-07-14 05:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-08-15 08:26 - 2018-07-14 05:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-08-15 08:26 - 2018-07-14 05:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-08-15 08:26 - 2018-07-14 05:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-08-15 08:26 - 2018-07-14 05:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-08-15 08:26 - 2018-07-14 05:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-08-15 08:26 - 2018-07-14 05:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-08-15 08:26 - 2018-07-14 05:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-08-15 08:26 - 2018-07-14 05:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-08-15 08:26 - 2018-07-14 05:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-08-15 08:26 - 2018-07-14 05:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-08-15 08:26 - 2018-07-14 05:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-08-15 08:26 - 2018-07-14 05:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-08-15 08:26 - 2018-07-14 05:49 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-08-15 08:26 - 2018-07-14 05:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-08-15 08:26 - 2018-07-13 06:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-15 08:16 - 2018-08-15 08:16 - 000001372 _____ C:\Users\Svennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-08-14 20:41 - 2018-08-14 20:41 - 000000000 ____D C:\Users\Svennis\AppData\Local\CEF
2018-08-14 20:29 - 2018-08-19 13:47 - 000000000 ____D C:\FRST
2018-08-14 20:29 - 2018-08-14 20:29 - 002412544 _____ (Farbar) C:\Users\Svennis\Desktop\FRST64.exe
2018-08-14 20:29 - 2018-08-14 20:29 - 000000000 ____D C:\Users\Svennis\Desktop\FRST-OlderVersion
2018-08-14 13:30 - 2018-08-14 13:30 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-08-14 11:44 - 2018-08-14 11:44 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2018-08-14 11:36 - 2018-08-15 11:39 - 000000000 ____D C:\Users\Svennis\AppData\Local\FSDART
2018-08-14 11:36 - 2018-08-14 11:47 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-14 11:36 - 2018-08-14 11:36 - 000000000 ____D C:\Users\Svennis\AppData\Local\F-Secure
2018-08-14 11:13 - 2018-08-14 11:13 - 000000000 ____D C:\Users\Svennis\AppData\Local\D3DSCache
2018-08-14 10:20 - 2018-08-18 08:41 - 000000000 ____D C:\Users\defaultuser0
2018-08-14 10:20 - 2018-08-14 10:20 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Public\Documents\Mina videoklipp
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Public\Documents\Mina bilder
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Public\Documents\Min musik
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Start-meny
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Skrivare
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Nätverket
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Mina dokument
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Mallar
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Lokala inställningar
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Mina videoklipp
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Mina bilder
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Min musik
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Tidigare
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Start-meny
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Skrivare
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Nätverket
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Mina dokument
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Mallar
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Lokala inställningar
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Documents\Mina videoklipp
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Documents\Mina bilder
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\Documents\Min musik
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\AppData\Local\Tidigare
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default\AppData\Local\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\Documents\Mina videoklipp
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\Documents\Mina bilder
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\Documents\Min musik
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Tidigare
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\Default User
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Users\All Users
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Start-meny
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Skrivbord
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Programdata
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Program
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Mallar
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\ProgramData\Dokument
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Program Files\Delade filer
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Program
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 _SHDL C:\Documents and Settings
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-08-14 10:20 - 2018-08-14 10:20 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2018-08-14 10:20 - 2018-04-12 01:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-14 10:20 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-08-14 10:19 - 2018-08-19 12:39 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-08-14 10:19 - 2018-08-19 12:39 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-08-14 10:19 - 2018-08-18 08:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 10:19 - 2018-08-14 16:49 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-08-14 10:19 - 2018-08-14 16:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-08-14 10:19 - 2018-08-14 14:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-08-14 10:19 - 2018-08-14 13:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2018-08-14 10:19 - 2018-08-14 10:19 - 000022908 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-08-14 10:19 - 2018-08-14 10:19 - 000002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2018-08-14 10:19 - 2018-08-14 10:19 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-08-14 10:19 - 2018-08-14 10:19 - 000002866 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2018-08-14 10:19 - 2018-08-14 10:19 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-08-14 10:19 - 2018-08-14 10:19 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2018-08-14 10:19 - 2018-08-14 10:19 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-08-14 10:19 - 2018-08-14 10:19 - 000001984 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2018-08-14 10:19 - 2018-08-14 10:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-08-14 10:18 - 2018-08-14 10:18 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-08-14 10:10 - 2018-08-14 10:10 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-08-14 10:07 - 2018-08-14 10:13 - 000000000 ____D C:\ProgramData\Realtek
2018-08-14 10:07 - 2018-08-14 10:07 - 000001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2018-08-14 10:07 - 2018-08-14 10:07 - 000000000 ____D C:\WINDOWS\UCI
2018-08-14 10:07 - 2018-08-14 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2018-08-14 10:06 - 2018-08-14 10:06 - 000000000 ____D C:\ProgramData\USOShared
2018-08-14 10:06 - 2016-10-27 17:14 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2018-08-14 10:06 - 2016-10-27 17:14 - 000416576 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\SASrv.exe
2018-08-14 10:06 - 2015-07-31 18:29 - 000004664 _____ C:\WINDOWS\system32\Drivers\CxSfPt.DAT
2018-08-14 10:05 - 2018-08-14 09:28 - 000000000 ____D C:\ProgramData\Conexant
2018-08-14 10:05 - 2014-10-20 15:54 - 000207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2018-08-14 10:04 - 2018-08-18 08:41 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2018-08-14 10:04 - 2018-08-14 10:11 - 000000000 ____D C:\Program Files\AMD
2018-08-14 10:04 - 2018-08-14 10:06 - 000000000 ____D C:\ProgramData\UIU
2018-08-14 10:04 - 2018-08-14 10:06 - 000000000 ____D C:\Program Files\CONEXANT
2018-08-14 10:04 - 2018-08-14 10:04 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2018-08-14 10:04 - 2018-08-14 10:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2018-08-14 10:04 - 2018-08-14 10:04 - 000000000 ____D C:\WINDOWS\tbaseregistry
2018-08-14 10:04 - 2018-08-14 10:04 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-08-14 10:04 - 2018-08-14 10:04 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2018-08-14 10:04 - 2018-04-12 01:33 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEShims.dll
2018-08-14 10:03 - 2018-08-18 20:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-14 10:03 - 2018-08-15 11:39 - 000234384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-14 10:03 - 2018-08-14 10:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-08-14 10:00 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\ASUS
2018-08-14 10:00 - 2018-08-14 10:00 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-08-14 09:59 - 2018-08-14 09:59 - 000000000 ____D C:\WINDOWS\Firmware
2018-08-14 09:58 - 2018-08-14 09:58 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-08-14 09:58 - 2018-08-14 09:58 - 000000000 ____D C:\WINDOWS\Setup
2018-08-14 09:55 - 2018-08-18 08:47 - 000678606 _____ C:\WINDOWS\system32\perfh01D.dat
2018-08-14 09:55 - 2018-08-18 08:47 - 000137302 _____ C:\WINDOWS\system32\perfc01D.dat
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-14 09:55 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-08-14 09:55 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\OCR
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-08-14 09:55 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-08-14 09:55 - 2018-08-14 09:55 - 000301162 _____ C:\WINDOWS\system32\perfi01D.dat
2018-08-14 09:55 - 2018-08-14 09:55 - 000039264 _____ C:\WINDOWS\system32\perfd01D.dat
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\sv
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\sv
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\0409
2018-08-14 09:55 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-08-14 09:53 - 2018-08-06 17:19 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-14 09:53 - 2018-08-06 17:19 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-14 09:50 - 2018-08-19 13:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-14 09:50 - 2018-08-19 06:39 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-14 09:50 - 2018-08-18 21:32 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-14 09:50 - 2018-08-18 08:43 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-14 09:50 - 2018-08-18 05:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-14 09:50 - 2018-08-15 10:45 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-14 09:50 - 2018-08-15 09:02 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-14 09:50 - 2018-08-15 08:53 - 000000000 ___RD C:\Program Files (x86)
2018-08-14 09:50 - 2018-08-15 08:40 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-08-14 09:50 - 2018-08-15 08:19 - 000000000 ____D C:\WINDOWS\appcompat
2018-08-14 09:50 - 2018-08-14 10:20 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-08-14 09:50 - 2018-08-14 10:20 - 000000000 ____D C:\WINDOWS\Registration
2018-08-14 09:50 - 2018-08-14 10:20 - 000000000 ____D C:\Program Files\windows nt
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\spool
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\IME
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\WINDOWS\Help
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-08-14 09:50 - 2018-08-14 10:13 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-08-14 09:50 - 2018-08-14 10:12 - 000000000 ____D C:\Program Files\Common Files\system
2018-08-14 09:50 - 2018-08-14 10:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-08-14 09:50 - 2018-08-14 10:06 - 000000000 ____D C:\ProgramData\USOPrivate
2018-08-14 09:50 - 2018-08-14 10:03 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-08-14 09:50 - 2018-08-14 10:03 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-08-14 09:50 - 2018-08-14 10:00 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\setup
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-08-14 09:50 - 2018-08-14 09:57 - 000000000 ____D C:\WINDOWS\Provisioning
2018-08-14 09:50 - 2018-08-14 09:55 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-08-14 09:50 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-08-14 09:50 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-08-14 09:50 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-08-14 09:50 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\system32\com
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 __RSD C:\WINDOWS\media
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 __RHD C:\Users\Public\Libraries
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Vss
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Web
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\WaaS
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\tracing
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\TAPI
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SystemResources
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SystemApps
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\ras
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\my-mm
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\IME
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\ias
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\DriverState
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\System
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SKB
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\ServiceState
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\security
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\schemas
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\SchCache
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Resources
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\rescache
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\PLA
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Performance
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\InputMethod
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\IdentityCRL
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Globalization
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Cursors
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\Branding
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\addins
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files\Windows Security
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files\Common Files\Services
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-08-14 09:50 - 2018-08-14 09:50 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-08-14 09:50 - 2018-08-14 09:47 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-08-14 09:50 - 2018-08-14 09:47 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-08-14 09:50 - 2018-08-14 09:47 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-08-14 09:50 - 2018-08-14 09:47 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-08-14 09:50 - 2018-08-14 09:47 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-08-14 09:50 - 2018-08-14 09:47 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-08-14 09:50 - 2018-08-14 09:47 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-08-14 09:50 - 2018-08-14 09:47 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-08-14 09:50 - 2018-08-14 09:47 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-08-14 09:50 - 2018-08-14 09:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-08-14 09:48 - 2018-08-18 08:47 - 000000000 ____D C:\WINDOWS\INF
2018-08-14 09:48 - 2018-08-14 10:55 - 000000496 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2018-08-14 09:48 - 2018-04-11 08:17 - 000061592 _____ (Check Point Software Technologies Ltd.) C:\WINDOWS\system32\Drivers\cpbak.sys
2018-08-14 09:48 - 2018-04-09 13:53 - 000068280 _____ (Check Point Software Technologies Ltd.) C:\WINDOWS\system32\Drivers\CPEPMon.sys
2018-08-14 09:44 - 2018-08-14 09:44 - 000000000 ____D C:\Users\Svennis\AppData\Local\Comms
2018-08-14 09:44 - 2018-08-14 09:44 - 000000000 ____D C:\ProgramData\MobileBrServ
2018-08-14 09:43 - 2018-08-15 08:34 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-14 09:42 - 2018-08-18 08:41 - 098304000 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-08-14 09:42 - 2018-08-18 08:41 - 017039360 _____ C:\WINDOWS\system32\config\SYSTEM
2018-08-14 09:42 - 2018-08-18 08:41 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2018-08-14 09:42 - 2018-08-18 08:41 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 09:42 - 2018-08-18 08:41 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-08-14 09:42 - 2018-08-18 08:41 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-08-14 09:42 - 2018-08-15 11:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-14 09:42 - 2018-08-15 08:52 - 000000000 ____D C:\WINDOWS\Panther
2018-08-14 09:42 - 2018-08-14 09:55 - 000000000 ____D C:\WINDOWS\servicing
2018-08-14 09:42 - 2018-08-14 09:52 - 000000000 ____D C:\ProgramData\Packages
2018-08-14 09:42 - 2018-08-14 09:50 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-08-14 09:32 - 2018-08-14 17:49 - 000000000 ____D C:\Users\Svennis\AppData\Local\PlaceholderTileLogoFolder
2018-08-14 09:32 - 2018-08-14 09:32 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3877911158-143358730-3224076167-1001
2018-08-14 09:31 - 2018-08-14 09:31 - 000440752 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2018-08-14 09:31 - 2018-08-14 09:31 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2018-08-14 09:31 - 2018-08-14 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2018-08-14 09:30 - 2018-08-14 09:48 - 000000000 ____D C:\ProgramData\CheckPoint
2018-08-14 09:30 - 2018-08-14 09:47 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-08-14 09:30 - 2018-08-14 09:32 - 000000000 ___RD C:\Users\Svennis\OneDrive
2018-08-14 09:30 - 2018-08-14 09:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-08-14 09:28 - 2018-08-19 12:38 - 000000182 _____ C:\Users\Svennis\AppData\Roaming\sp_data.sys
2018-08-14 09:28 - 2018-08-14 09:28 - 000000000 ____D C:\Users\Svennis\AppData\Local\Conexant
2018-08-14 09:27 - 2018-08-19 12:36 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-08-14 09:27 - 2018-08-14 09:28 - 000000000 ____D C:\Users\Svennis\AppData\Local\ASUS GIFTBOX
2018-08-14 09:27 - 2018-08-14 09:27 - 000001417 _____ C:\Users\Svennis\Desktop\Microsoft Edge.lnk
2018-08-14 09:27 - 2018-08-14 09:27 - 000000000 ____D C:\Users\Svennis\AppData\Roaming\Macromedia
2018-08-14 09:27 - 2018-08-14 09:27 - 000000000 ____D C:\Users\Svennis\AppData\Local\DBG
2018-08-14 09:27 - 2018-08-14 09:27 - 000000000 ____D C:\Users\Svennis\AppData\Local\Crashpad
2018-08-14 09:27 - 2018-08-14 09:27 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-08-14 09:26 - 2018-08-14 10:01 - 000000000 ____D C:\Users\Svennis\AppData\Local\Publishers
2018-08-14 09:26 - 2018-08-14 09:26 - 000000000 ___HD C:\Users\Svennis\MicrosoftEdgeBackups
2018-08-14 09:26 - 2018-08-14 09:26 - 000000000 ____D C:\Users\Svennis\AppData\Local\MicrosoftEdge
2018-08-14 09:25 - 2018-08-15 16:50 - 000000000 ____D C:\Users\Svennis\AppData\Local\Packages
2018-08-14 09:25 - 2018-08-15 11:40 - 000000000 ___RD C:\Users\Svennis\3D Objects
2018-08-14 09:25 - 2018-08-14 16:25 - 000000000 ____D C:\Users\Svennis\AppData\Local\ConnectedDevicesPlatform
2018-08-14 09:25 - 2018-08-14 09:25 - 000000000 ____D C:\Users\Svennis\AppData\Roaming\Adobe
2018-08-14 09:25 - 2018-08-14 09:25 - 000000000 ____D C:\Users\Svennis\AppData\Local\VirtualStore
2018-08-14 09:24 - 2018-08-17 14:33 - 000000000 ____D C:\Users\Svennis
2018-08-14 09:24 - 2018-08-14 09:32 - 000002371 _____ C:\Users\Svennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-14 09:24 - 2018-08-14 09:24 - 000000020 ___SH C:\Users\Svennis\ntuser.ini
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Start-meny
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Skrivare
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Programdata
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Nätverket
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Mina dokument
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Mallar
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Lokala inställningar
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Documents\Mina videoklipp
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Documents\Mina bilder
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\Documents\Min musik
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\AppData\Roaming\Microsoft\Windows\Start Menu\Program
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\AppData\Local\Tidigare
2018-08-14 09:24 - 2018-08-14 09:24 - 000000000 _SHDL C:\Users\Svennis\AppData\Local\Programdata
2018-08-14 09:22 - 2018-08-18 08:47 - 001598844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-14 08:38 - 2018-08-14 10:00 - 000000000 ___HD C:\$SysReset
2018-08-13 18:26 - 2018-08-13 16:23 - 000888064 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-08-13 18:26 - 2018-08-13 16:23 - 000082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2018-07-22 12:46 - 2018-07-22 12:46 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-07-22 12:46 - 2018-07-22 12:46 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-07-22 12:46 - 2018-07-22 12:46 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-07-22 12:46 - 2018-07-22 12:46 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-07-22 12:19 - 2018-07-22 12:19 - 000829264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2018-07-22 12:19 - 2018-07-22 12:19 - 000608080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2018-07-22 10:32 - 2018-07-22 10:32 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-07-22 10:32 - 2018-07-22 10:32 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-07-22 10:32 - 2018-07-22 10:32 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-07-22 10:32 - 2018-07-22 10:32 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-16 09:58 - 2017-11-29 23:21 - 000000000 ____D C:\Program Files\Microsoft Office
2018-08-15 11:40 - 2017-11-29 22:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-15 11:39 - 2017-11-29 23:09 - 000000000 ____D C:\Program Files\mcafee
2018-08-15 11:39 - 2017-11-29 23:09 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-08-14 16:50 - 2017-11-29 23:09 - 000000000 ____D C:\ProgramData\McAfee
2018-08-14 16:50 - 2017-11-29 23:09 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-08-14 10:19 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-08-14 10:13 - 2017-11-29 23:21 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-08-14 10:13 - 2017-11-29 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2018-08-14 10:13 - 2017-11-29 23:08 - 000000000 ____D C:\Program Files (x86)\ICEpower
2018-08-14 10:13 - 2017-11-29 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-08-14 10:13 - 2017-11-29 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-08-14 10:13 - 2017-11-29 22:56 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-08-14 10:13 - 2017-11-29 22:56 - 000000000 ____D C:\Program Files (x86)\AMD
2018-08-14 10:13 - 2017-11-29 22:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-14 10:13 - 2017-11-29 22:53 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-08-14 10:13 - 2017-11-29 22:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-14 10:13 - 2017-11-29 22:52 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-08-14 10:13 - 2017-05-04 11:15 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-08-14 10:13 - 2017-05-04 11:12 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-08-14 10:13 - 2017-05-04 11:12 - 000000000 ____D C:\Program Files\MSBuild
2018-08-14 10:13 - 2017-05-04 11:12 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-08-14 10:13 - 2017-05-04 11:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-08-14 10:13 - 2017-05-04 11:11 - 000000000 ____D C:\WINDOWS\Log
2018-08-14 10:13 - 2017-03-20 05:43 - 000000000 ____D C:\WINDOWS\HoloShell
2018-08-14 10:12 - 2017-11-29 23:09 - 000000000 ____D C:\Program Files\mcafee.com
2018-08-14 10:12 - 2017-11-29 23:04 - 000000000 ____D C:\Program Files\DIFX
2018-08-14 10:11 - 2017-05-04 11:11 - 000000000 ____D C:\eSupport
2018-08-14 09:48 - 2017-11-29 22:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-14 09:47 - 2017-11-29 23:09 - 000000000 ____D C:\Program Files\Common Files\av
2018-08-14 09:28 - 2017-05-04 02:51 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-08-14 09:26 - 2017-11-29 23:22 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-14 09:26 - 2017-11-29 23:22 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-14 09:26 - 2017-11-29 23:22 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-14 09:26 - 2017-11-29 23:22 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-14 09:26 - 2017-11-29 23:22 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-14 09:26 - 2017-11-29 23:22 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
 
==================== Files in the root of some directories =======
 
2018-08-19 13:02 - 2018-08-19 13:36 - 001388432 _____ () C:\Users\Public\VOIP.dat
2018-08-14 09:28 - 2018-08-19 12:38 - 000000182 _____ () C:\Users\Svennis\AppData\Roaming\sp_data.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-14 10:03
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Svennis (19-08-2018 13:49:23)
Running from C:\Users\Svennis\Desktop
Windows 10 Home Version 1803 17134.228 (X64) (2018-08-14 08:20:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administratör (S-1-5-21-3877911158-143358730-3224076167-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3877911158-143358730-3224076167-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3877911158-143358730-3224076167-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gäst (S-1-5-21-3877911158-143358730-3224076167-501 - Limited - Disabled)
Svennis (S-1-5-21-3877911158-143358730-3224076167-1001 - Administrator - Enabled) => C:\Users\Svennis
WDAGUtilityAccount (S-1-5-21-3877911158-143358730-3224076167-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.20.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.3 - ICEpower a/s)
Catalyst Control Center Next Localization BR (HKLM\...\{5887AFC6-CC4E-FB36-A02B-5993AC041857}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{CDCFE736-6387-4E66-017B-84C4FC31CE3F}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{F54C8A6F-467F-BB8E-2A6A-F4B3A5C77F1E}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{829F683D-2669-A486-1F0E-E79A96E2C36E}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A9188CD2-3493-8ABE-3D3E-743556F580FA}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CB046326-3390-51C8-EE70-121ADA57CDAA}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{51EA45F6-0DBC-7F1E-CA52-E98F70EC4A8A}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{51281E38-27CD-9F7B-8AB5-75A69DD44164}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{811AC3C7-078E-901C-2EFE-D25A7A4A93FC}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{2F0A582C-9935-AB1E-286E-B9CA22008AD4}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{0A754C67-EF02-95B2-239C-673435E22F76}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B8E60640-B3B2-5851-8887-3B0A7785D44A}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3DCA5D03-3C62-EF56-FF4F-6BC92E10AB6B}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{1C82AB22-F7C5-9B76-46BD-9DF8DFBF4C7D}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3EC0F7BB-0CA2-0382-6F58-66A4DA4373C2}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5E4F7DD7-1335-9BE3-E858-BAC559CDB563}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{51002F63-8A2B-B302-5833-03DE2E79CE21}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{F76681C8-340F-A20B-5DFD-C18100DF765E}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{FAC8F07F-7F38-D597-6BC0-55531A69A327}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{B1EA6510-1771-6303-176A-EEB611FC74BB}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1E5C2D75-1C00-382A-DF87-668167C0F00C}) (Version: 2017.0320.451.6902 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Check Point SBA (HKLM\...\{85A0CE49-6563-4208-86CC-B4297B836283}) (Version: 86.4.4023 - Check Point Software Technologies Ltd.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.77.57 - Conexant)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.7 - ASUSTek COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
McAfee LiveSafe   (HKLM-x32\...\MSC) (Version: 16.0 R13 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.208 - McAfee, Inc.)
Microsoft Office 365 - sv-se (HKLM\...\O365HomePremRetail - sv-se) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3877911158-143358730-3224076167-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041D-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.1000.170710 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0017 - REALTEK Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Windows Driver Package - ASUS (AsusTP) Mouse  (04/10/2017 1.0.0.296) (HKLM\...\CE3B2AC6A7CFF15EC85D2C007B1B4143383541C1) (Version: 04/10/2017 1.0.0.296 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0534 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{B136506E-D077-4943-9F0D-B22494BAC3BA}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{21085985-346F-4750-B57C-270359D3BB83}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D0A433A-CD3E-42FB-9FA4-D31A3BFC843F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2017-05-24] (ASUS)
Task: {112737E6-A2DC-4B36-AD28-B0043B283F0D} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {14DAACA5-D693-486E-98A7-BC0878E4E187} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-15] (Microsoft Corporation)
Task: {20745C92-43C5-497F-B7E8-3DFB1A8B4D67} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {258413A6-99B0-4BD2-B05B-64128C81F867} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {2DC194BA-CADD-41EB-A3C4-235F9044DA60} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-11-09] (ASUSTek COMPUTER INC.)
Task: {321D8EB5-0D94-4427-86FB-5B6044D9376F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {3E47312D-2AF9-4E09-B238-FB9F83802E66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-15] (Google Inc.)
Task: {4EDAEEA5-F430-42E0-AF9A-6F1FF0173FE1} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5B863B91-ABB1-4E20-B9A2-D935C72A14AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-15] (Google Inc.)
Task: {5F1A0A7A-AE78-4EA9-952F-407296281010} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7A06B7CD-51F6-408B-A2AF-5D6419726084} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [2017-06-07] (Conexant Systems, Inc.)
Task: {7A404261-1FFC-40CD-98EC-1D85FB8CDBAD} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-06-06] (McAfee, Inc.)
Task: {845FAF92-9A3A-459C-BD50-BD2E4B023D22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {84A1121C-F724-436C-97A6-B00FF1D2A1F6} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {86A11303-2DCE-4B13-B214-1EABDF4B868C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {9BC68057-7E64-4E19-B793-00BAEC3B2452} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {A5EDCE25-DCBD-476A-B7D7-12E48BE0D2CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-05-24] (AsusTek)
Task: {A6DEA21D-9ED7-45F3-A8B0-F475AC6D394E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {ACB9BC37-F8DF-4BF0-935A-748527C57652} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {AD4ED1BE-EE90-4733-961F-2DDA2C4D21AC} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {B613370C-1BCE-4C0A-B486-A182410016DB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-15] (Microsoft Corporation)
Task: {B9EA03C5-24BC-4634-86D1-82343F3F87BD} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [2016-07-05] (Conexant Systems, Inc.)
Task: {CA333975-8DD0-46BD-9E9A-F5A22B2967FD} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-08-15] (Microsoft Corporation)
Task: {CD13BCB8-E93D-464F-921B-D62FBE20848E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-20] (Advanced Micro Devices, Inc.)
Task: {D3FFCB53-9A6E-464C-97F7-ED465C0A435E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ED15BCAC-C4F7-4611-B3A4-7C7F32F559D5} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-08-14] (McAfee, LLC.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-08-14 09:44 - 2013-01-28 04:49 - 000239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2018-05-30 18:13 - 2018-05-30 18:13 - 000045936 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
2018-04-06 13:05 - 2018-04-06 13:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-03-20 08:49 - 2018-03-20 08:49 - 000035064 _____ () c:\program files (x86)\checkpoint\endpoint security\tpcommon\cipolla\sbacipollasrvhost.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-15 08:26 - 2018-08-03 05:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000153336 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2015-07-20 11:26 - 2015-07-20 11:26 - 001058320 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CloudServices.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000096504 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000063224 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000059128 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll
2017-07-03 11:51 - 2017-07-03 11:51 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2017-07-03 11:51 - 2017-07-03 11:51 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-07-03 11:51 - 2017-07-03 11:51 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2017-07-03 11:51 - 2017-07-03 11:51 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 11:51 - 2017-07-03 11:51 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2013-04-27 12:24 - 2013-04-27 12:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2017-05-24 14:40 - 2017-05-24 14:40 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2017-04-14 17:45 - 2017-04-14 17:45 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-04-14 17:45 - 2017-04-14 17:45 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3877911158-143358730-3224076167-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3877911158-143358730-3224076167-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7F93BA43-2FCC-4447-949E-5C1EC767EDD9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AC029416-D725-4034-AD94-827942B8CCEE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{D2FF095A-F078-4B84-B9D3-79BEE29A900F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DFE1ED04-6AA5-4D14-9A35-499DAEA806EC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{D84439AC-4CD2-453D-9BD8-C09D82B14B50}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{0F107A01-DA8C-425D-8C22-6C19287091F7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{ACEED027-2EC2-4750-B7B9-CA1286753589}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{71E4AE79-FC94-44ED-9147-4143E12F0962}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9367FBBC-127C-40E3-8450-FD277C5792AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{165724F5-DE31-453E-9C19-FB28C49964BB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7D1AB06E-B5A7-438A-8910-A083AD3A0450}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{485A177F-DA6A-428C-8BAE-BC1127F17AB9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E85D13F9-1E22-4EF3-9E5B-E778BC5C32EA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2018 01:03:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet MicrosoftEdgeCP.exe, version 11.0.17134.228, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken i Säkerhet och underhåll på Kontrollpanelen.
 
Process-ID: 2a0c
 
Starttid: 01d437a92d51bca8
 
Avslutningstid: 0
 
Programsökväg: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
Rapport-ID: 69eaead8-b65b-4b07-916c-6de2f9d3e6ef
 
Fullständigt namn på felaktigt paket: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
 
Program-ID relativt till felaktigt paket: ContentProcess
 
Error: (08/19/2018 12:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: RadeonSettings.exe, version 10.1.1.1666, tidsstämpel 0x58cf977c
, felet uppstod i modulen med namn: atiadlxx.dll, version 7.16.10.1301, tidsstämpel 0x575f5aa5
Undantagskod: 0xc0000005
Felförskjutning: 0x000000000008e9c7
Process-ID: 0xa70
Programmets starttid: 0x01d437a870771ce2
Sökväg till program: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Sökväg till modul: C:\WINDOWS\SYSTEM32\atiadlxx.dll
Rapport-ID: ae79bce9-aea6-412b-907f-adda4c02d232
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (08/19/2018 10:07:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: RadeonSettings.exe, version 10.1.1.1666, tidsstämpel 0x58cf977c
, felet uppstod i modulen med namn: atiadlxx.dll, version 7.16.10.1301, tidsstämpel 0x575f5aa5
Undantagskod: 0xc0000005
Felförskjutning: 0x000000000008e9c7
Process-ID: 0x3fd0
Programmets starttid: 0x01d43793a9804d15
Sökväg till program: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Sökväg till modul: C:\WINDOWS\SYSTEM32\atiadlxx.dll
Rapport-ID: 0f06ee1c-9e14-42b2-9792-ad335afff10c
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (08/19/2018 07:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: RadeonSettings.exe, version 10.1.1.1666, tidsstämpel 0x58cf977c
, felet uppstod i modulen med namn: atiadlxx.dll, version 7.16.10.1301, tidsstämpel 0x575f5aa5
Undantagskod: 0xc0000005
Felförskjutning: 0x000000000008e9c7
Process-ID: 0x3e44
Programmets starttid: 0x01d4377b260efb1e
Sökväg till program: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Sökväg till modul: C:\WINDOWS\SYSTEM32\atiadlxx.dll
Rapport-ID: 1aff3567-f14d-469d-bfe5-12cd294c0c00
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (08/19/2018 07:03:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet HxOutlook.exe, version 16.0.10325.20091, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken i Säkerhet och underhåll på Kontrollpanelen.
 
Process-ID: 3434
 
Starttid: 01d43779f3041f85
 
Avslutningstid: 4294967295
 
Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxOutlook.exe
 
Rapport-ID: 46fd71e3-c8b8-4c19-b359-913d5e35a2f2
 
Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe
 
Program-ID relativt till felaktigt paket: microsoft.windowslive.mail
 
Error: (08/19/2018 06:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: RadeonSettings.exe, version 10.1.1.1666, tidsstämpel 0x58cf977c
, felet uppstod i modulen med namn: atiadlxx.dll, version 7.16.10.1301, tidsstämpel 0x575f5aa5
Undantagskod: 0xc0000005
Felförskjutning: 0x000000000008e9c7
Process-ID: 0x510
Programmets starttid: 0x01d437769be443d0
Sökväg till program: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Sökväg till modul: C:\WINDOWS\SYSTEM32\atiadlxx.dll
Rapport-ID: cc2de7a7-8c54-4527-bc34-11a663d5c9a4
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (08/18/2018 07:17:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: RadeonSettings.exe, version 10.1.1.1666, tidsstämpel 0x58cf977c
, felet uppstod i modulen med namn: atiadlxx.dll, version 7.16.10.1301, tidsstämpel 0x575f5aa5
Undantagskod: 0xc0000005
Felförskjutning: 0x000000000008e9c7
Process-ID: 0x3044
Programmets starttid: 0x01d4371753b59db2
Sökväg till program: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Sökväg till modul: C:\WINDOWS\SYSTEM32\atiadlxx.dll
Rapport-ID: a105738d-f4a6-4570-a297-892fc083c67b
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (08/18/2018 04:40:55 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-3UK6CC4)
Description: httphttp-2147467263
 
 
System errors:
=============
Error: (08/19/2018 12:36:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten CDPSvc.
 
Error: (08/19/2018 12:36:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten CDPSvc.
 
Error: (08/19/2018 12:35:53 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (08/19/2018 10:07:11 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (08/19/2018 07:11:44 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (08/19/2018 06:42:09 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (08/19/2018 06:39:12 AM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (08/18/2018 07:17:07 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: Behörighetsinställningarna programspecifik ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren NT instans\Lokal tjänst SID (S-1-5-19) från adress LocalHost (med LRPC) som körs i programbehållaren Inte tillgänglig SID (Inte tillgänglig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
 
Windows Defender:
===================================
Date: 2018-08-15 18:52:42.968
Description: 
Ett fel uppstod när Windows Defender Antivirus skulle läsa in signaturer och ett försök att återgå till en godkänd signaturuppsättning kommer att göras.
Signaturer som skulle läsas in: Aktuell
Felkod: 0x80070002
Felbeskrivning: Det går inte att hitta filen. 
Signaturversion: 0.0.0.0;0.0.0.0
Motorversion: 0.0.0.0
 
Date: 2018-08-15 11:41:00.883
Description: 
Funktionen för realtidsskydd i Windows Defender Antivirus har stött på ett fel och avslutats.
Funktion: Beteendeövervakning
Felkod: 0x80508023
Felbeskrivning: Det gick inte att hitta någon skadlig kod eller annan oönskad programvara på enheten. 
Orsak: Skyddet mot skadlig kod har slutat fungera av okänd anledning. I vissa fall kan det hjälpa att starta om tjänsten.
 
==================== Memory info =========================== 
 
Processor: AMD A10-9620P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 37%
Total physical RAM: 7120.46 MB
Available physical RAM: 4478.65 MB
Total Virtual: 8912.46 MB
Available Virtual: 5806.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:84.16 GB) NTFS
 
\\?\Volume{3a3e8770-b52d-44be-98ca-c836baf4209e}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.41 GB) NTFS
\\?\Volume{33c400c8-d33b-4072-96c2-22a7c7c2aada}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7658A881)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 29 August 2018 - 10:06 AM

Hi,

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#13 nasdaq

Posted 01 September 2018 - 10:38 AM

Hi,
===

I found that Rootkit infection.
Wanted to see what the TDSSKiller would find.

For now execute this.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)

DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSP
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSnx

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
===

If the problem persists run the TDSSKiller program and post the log for my review.

p.s.
Please keep your missives in this topic.

#14 Viveca

Posted 03 September 2018 - 09:05 AM

Thanks,

I see that you want to remove the Restriction for Google and Internet Explorer.

What does the Restriction mean?



#15 nasdaq

Posted 03 September 2018 - 09:17 AM

Did you set this?

If not remove it.



